Recital


When you start the loadbalancer.org appliance you will see the following:

Default login:
Username: root
Password: loadbalancer

Access to webclient from an external client is:
http://192.168.1.129:9080
http://192.168.1.129:9443

You can access the web administrator using the IP and ports described onscreen.

For the Sri Lanka project we are looking for performance, and the network diagram indicates we are happy to have the cluster on the same subnet as the rest of the network.

Direct routing (DR) gives the fastest performance possible. Its advantage over NAT is that the loadbalancer does not become a bottleneck for incoming and outgoing packets: with DR the loadbalancer simply examines incoming packets, and the servers route the packets directly back to the requesting user.

The web interface is the only way to fully configure the loadbalancer VM. The console tool lbwizard will get it initialised, and any further configuration can then be done via the web interface.

Using lbwizard for the Sri Lanka configuration, follow these steps.

On the first Loadbalancer:

//Start

Is this unit part of an HA Pair?
YES

Have you already setup the Slave?
NO

Is this a one-armed configuration?
YES

Enter the IP Address for the interface eth0?
Enter IP address you wish to be assigned to the SLAVE loadbalancer.

Enter the netmask for interface eth0?
Enter netmask for the subnet.

Enter the Floating IP address?
Enter the IP address that will be associated with the HA-pair of loadbalancers.

//Finish

On the 2nd loadbalancer VM, run the lbwizard.

//Start

Is this unit part of an HA-Pair?
YES

Have you already set up the Slave?
YES

What is the slave unit's IP address?
Enter the IP which you entered when configuring the other loadbalancer VM.

Is this a one-armed configuration?
YES

Enter the IP Address for the interface eth0?
Enter the IP that will be assigned to the MASTER loadbalancer

Enter the netmask for interface eth0?
Enter the subnet netmask.

Enter the Floating IP address?
Enter the IP address that will be associated with the HA-pair of loadbalancers.

Enter the address of the default gateway?
Enter the default gateway for the subnet.

Enter the IP of the nameserver?
Enter the dns server.

Enter the port for the first Virtual server?
Enter 22 for ssh

Enter the IP address of the first real server?
Enter the real IP of the first appserver

//Finish

Now that this is complete, we need to go to the web admin interface to configure the 2nd Real Server, as the lbwizard program will only allow you to configure 1 real server.

Now log in to the web admin using the default password:

username: loadbalancer
password: loadbalancer

Note: Connect to the IP you have now set for your master loadbalancer

Go to the Edit Configuration tab.

Now click add a real server:

Enter a label
Enter the IP address of the server plus the port of the service, e.g. 192.168.1.125:22


Edit Configuration -> Virtual Servers

Persistence -> NO

Scheduler -> LC
LC - Least-Connection: assign more jobs to real servers with fewer active jobs.

Service to check -> custom1

Check port -> 22

Forwarding Method -> DR

Feedback Method -> Agent

ARP Problem when using DR

Every real server must be configured to respond to the VIP (virtual IP) address as well as the RIP (real IP) address.

You can use iptables (netfilter) on the real server to redirect incoming packets destined for the virtual server IP address.

This is a simple case of adding the following command to your start up script (rc.local):

# Replace 10.0.0.21 with the Virtual Server IP
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.21 -j REDIRECT

chkconfig iptables on

Recital's version of Samba allows application data to be shared and locked correctly across these systems, allowing a truly integrated heterogeneous data environment. For example Recital applications running on a UNIX/Linux server can read and update FoxPro databases residing on a Microsoft Windows NT server through the use of Samba.
You can view the modified changes by downloading the following files and patching these into your current Samba installation.
open.c (file opening and share modes)
version.h (versioning information)
The variable CPPFLAGS in the file Makefile will require the define -DRECITAL added to it.
In order to make the locking compatible between UNIX/Linux and Windows the following environment variable must be placed in the profile.db for Unix/Linux Developer and in profile.uas for the Universal Application Server:
DB_SAMBA=YES ;export DB_SAMBA 
The following settings need to be added to the smb.conf file to ensure that file names are always converted to lower case:
preserve case = no 
default case = lower 
mangle case = yes 
The following settings need to be added to the smb.conf file for locking to operate correctly:
oplocks = False
share modes = no
The Recital Universal ODBC Driver is a 32 bit implementation, so is not listed in the 64 bit ODBC Data Source Administrator, which is the default administrator accessed from Control Panel | Administration Tools.

So, to create and configure Recital ODBC datasources, you need to use the Windows 32-bit ODBC Data Source Administrator or Recital's own Recital Universal ODBC Manager (32-bit).

The Windows 32-bit ODBC Data Source Administrator is %windir%\SysWOW64\odbcad32.exe.
The Recital Universal ODBC Manager (32-bit) can be accessed from the Control Panel (icon view).

In this article Barry Mavin, CEO and Chief Software Architect for Recital, provides details on how the Recital Database Server can be used to provide a solution for Universal Data Integration.

Overview

The Recital Database Server handles universal cross-platform data access to a wide range of data sources. The database server natively handles full remote SQL data access to Recital, Visual FoxPro, FoxPro, FoxBASE, Clipper and older dBase data. Using Bridges, it handles full remote SQL data access to C-ISAM and OpenVMS RMS. Using gateway connections, it handles full remote SQL data access to Oracle, MySQL, PostgreSQL, SQL Server, server-side ODBC, server-side JDBC and server-side OLE DB data sources. With its ability to access data using server-side ODBC, JDBC and OLE DB drivers from clients on all supported operating systems (Windows, Linux, Unix, OpenVMS), the Recital Database Server is an ideal Data Integration Solution for applications of all sizes and complexity.

Universal Data Integration Solutions

There are several ways in which data may be accessed by the Database Server.

Table 1:

Client Universal Data Access solutions for accessing local or remote data.


| Client | Solution |
|---|---|
| Recital | Use remote gateway connections |
| Visual FoxPro | Use the Universal ODBC Driver |
| Java (all platforms) | Use the Universal JDBC Driver |
| .NET Framework | Use the Universal .NET Data Provider |
| Microsoft Office | Use the Universal ODBC Driver |
| Windows Mobile | Use the Universal Compact Framework .NET Data Provider |
| PHP on Linux | Use the Universal ODBC Driver for Linux |
| Mono on Linux | Use the Universal .NET Data Provider |
| Others | If the data source you want to access is not in the list above, then you can use a remote ODBC, JDBC or OLE DB gateway. You can find examples of connection strings for most ODBC and OLE DB data sources by clicking here. |

Table 2:

Windows Server Universal Data Access solutions accessible from any remote client running on Windows, Linux, Unix or OpenVMS:


| Data Source | Solution |
|---|---|
| Recital | Native support (See table 1) |
| Visual FoxPro | Native support (See table 1) |
| FoxPro | Native support (See table 1) |
| FoxBASE | Native support (See table 1) |
| Clipper | Native support (See table 1) |
| dBase | Native support (See table 1) |
| C-ISAM | Use a bridge (See table 1) |
| Access | Use a gateway connection: gateway="oledb:Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\somepath\mydb.mdb;User Id=admin;Password=;" |
| Exchange | Use a gateway connection: gateway="oledb:Provider=ExOLEDB.DataSource;Data Source=http://servername/publicstore" |
| Excel | Use a gateway connection: gateway="oledb:Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\MyExcel.xls;" |
| Oracle | Use a gateway connection: gateway="oledb:Provider=msdaora;Data Source=TheOracleDB;User Id=xxxxx;Password=xxxxx;" |
| SQL Server | Use a gateway connection: gateway="oledb:Provider=sqloledb;Data Source=Aron1;Initial Catalog=pubs;User Id=sa;Password=asdasd;" |
| MySQL | Use a gateway connection: gateway="oledb:Provider=MySQLProv;Data Source=mydb;User Id=xxxxx;Password=xxxxx;" |
| IBM DB2 | Use a gateway connection: gateway="oledb:Provider=DB2OLEDB;Network Transport Library=TCPIP;Network Address=XXX.XXX.XXX.XXX;Initial Catalog=MyCtlg;Package Collection=MyPkgCol;Default Schema=Schema;User ID=MyUser;Password=MyPW" |
| Sybase ASA | Use a gateway connection: gateway="oledb:Provider=ASAProv;Data source=myASA" |
| Sybase ASE | Use a gateway connection: gateway="oledb:Provider=Sybase.ASEOLEDBProvider;Srvr=myASEserver,5000;Catalog=myDBname;User Id=username;Password=password" |
| IBM Informix | Use a gateway connection: gateway="oledb:Provider=Ifxoledbc.2;password=myPw;User ID=myUser;Data Source=dbName@serverName;Persist Security Info=true" |
| Ingres | Use a gateway connection: gateway="odbc:dsn=data_source_name" |
| Firebird | Use a gateway connection: gateway="odbc:dsn=data_source_name" |
| IBM AS400 iSeries | Use a gateway connection: gateway="oledb:PROVIDER=IBMDA400; DATA SOURCE=MY_SYSTEM_NAME;USER ID=myUserName;PASSWORD=myPwd" |
| Interbase | Use a gateway connection: gateway="oledb:provider=sibprovider;location=localhost:;data source=c:\databases\gdbs\mygdb.gdb;user id=xxxxx;password=xxxxx" |
Others

If the data source you want to access is not in the list above, then you can use server-side ODBC, JDBC or OLE DB.
You can find examples of connection strings for most ODBC and OLE DB data sources by clicking here.
Full details on using server-side JDBC drivers can be found here.
Full details on using server-side ODBC drivers can be found here.
Full details on using server-side OLE DB drivers can be found here.


Table 3:

Linux and Unix Server Universal Data Access solutions accessible from any remote client running on Windows, Linux, Unix or OpenVMS:


| Data Source | Solution |
|---|---|
| Recital | Native support (See table 1) |
| Visual FoxPro | Native support (See table 1) |
| FoxPro | Native support (See table 1) |
| FoxBASE | Native support (See table 1) |
| Clipper | Native support (See table 1) |
| dBase | Native support (See table 1) |
| C-ISAM | Use a bridge (See table 1) |
| Oracle | Use a gateway connection: gateway="oracle:Connection_String" |
| MySQL | Use a gateway connection: gateway="mysql:Connection_String" |
| IBM DB2 | Use a gateway connection: gateway="db2:Connection_String" |
| PostgreSQL | Use a gateway connection: gateway="postgres:Connection_String" |
Others

If the data source you want to access is not in the list above, then you can use a server-side JDBC driver.
Full details on using server-side JDBC drivers can be found here.


Table 4:

OpenVMS Server Universal Data Access solutions accessible from any remote client running on Windows, Linux, Unix or OpenVMS:


| Data Source | Solution |
|---|---|
| Recital | Native support (See table 1) |
| Visual FoxPro | Native support (See table 1) |
| FoxPro | Native support (See table 1) |
| FoxBASE | Native support (See table 1) |
| Clipper | Native support (See table 1) |
| dBase | Native support (See table 1) |
| RMS | Use a bridge (See table 1) |
Others

If the data source you want to access is not in the list above, then you can use a server-side JDBC driver.

Supported Data Sources

Native Data Access

The Recital Database Server has native built-in support for the following data sources:

  • Recital
  • Visual FoxPro
  • FoxPro
  • FoxBASE
  • Clipper
  • dBase

You can set up tables to work with using the Database Administration Tool in Recital Enterprise Studio.

Bridges

Using Bridges, you can access the following data sources as if they were standard Recital/FoxPro tables:

  • CISAM
  • OpenVMS RMS

You can set up bridges using the Database Administration Tool in Recital Enterprise Studio.

Gateways/Connections

Using Gateways, you can transparently access the following local or remote data sources:

  • Recital
  • Oracle
  • ODBC (Server-side ODBC data sources)
  • JDBC (Server-side JDBC data sources)
  • OLEDB (Use this to connect to SQL Server and other Windows OLE DB data sources)
  • MySQL
  • PostgreSQL

Remote Data Object functions

Recital 10 includes a complete and robust set of data source independent functions for accessing MySQL, Oracle, DB2 and Postgres. This article explains how to use them.

Client Data Access drivers

Included with the Recital Database Server are three Client drivers. These Client drivers can access any data sources supported by the Recital Database Server. They are not restricted to accessing only Recital data. They can be used to access server-side ODBC, JDBC and OLE DB data sources also.

Recital Universal .NET Data Provider

Use this client driver when building .NET applications with Visual Studio .NET. A data provider in the .NET Framework serves as a bridge between an application and a data source. A data provider is used to retrieve data from a data source and to reconcile changes to that data back to the data source.

Key features of the Recital Universal .NET Data Provider:

  • Fully Internet enabled
    The Recital Universal .NET Data Provider works across the internet providing access to a wide range of data sources located on remote servers running Windows, Linux, Unix and OpenVMS.
  • SQL Server compatible
    The Recital Universal .NET Data Provider is plug compatible with the .NET Framework SQL Server Data Provider.
  • Cross-platform Data Integration
    Using the Recital Universal .NET Data Provider, you can connect to remote Windows, Linux, Unix or OpenVMS servers and access any data source supported by the Recital Database Server.
  • Managed code
    The Recital Universal .NET Data Adaptor written in C# is 100% .NET Framework managed code.
  • Runs on Windows Mobile
    The Recital Universal .NET Data Adaptor runs under the .NET Compact Framework on Windows Mobile.

Recital Universal JDBC Driver

The JDBC API is the industry standard for database-independent connectivity between the Java programming language and a wide range of databases. The JDBC API provides a call-level API for SQL-based database access. JDBC technology allows you to use the Java programming language to exploit "Write Once, Run Anywhere" capabilities for applications that require access to enterprise data.

Key features of the Recital Universal JDBC Driver:

  • Fully Internet enabled
    The Recital Universal JDBC driver works across the internet providing access to a wide range of data sources located on remote servers running Windows, Linux, Unix and OpenVMS.
  • JDBC 3.0 API
    The Recital Universal JDBC driver supports the JDBC 3.0 API.
  • Pure Java Type 3 Driver
    The Recital Universal JDBC driver is a 100% pure Java Type 3 driver.
  • Full Access to Metadata
    The JDBC API provides metadata access that enables the development of sophisticated applications that need to understand the underlying facilities and capabilities of a specific database connection.
  • Cross-platform Data Integration
    Using the Recital Universal JDBC driver, you can connect to remote Windows, Linux, Unix or OpenVMS servers and access any data source supported by the Recital Database Server.
  • No Installation
    A pure JDBC technology-based driver does not require special installation; it is automatically downloaded as part of the applet that makes the JDBC calls. The Recital Universal JDBC Driver is 100% Java.

Recital Universal ODBC Driver

Connect to remote data from Microsoft Office or other applications that support ODBC data access. The Recital Universal ODBC Driver is also available for Linux and Unix.

Key features of the Recital Universal ODBC Driver:

  • Fully Internet enabled
    The Recital Universal ODBC driver works across the internet providing access to a wide range of data sources located on remote servers running Windows, Linux, Unix and OpenVMS.
  • Works with Crystal Reports
    The Recital Universal ODBC driver supports the SQL syntax generated by Crystal Reports.
  • Works with Microsoft Office
    The Recital Universal ODBC driver works with Microsoft Office products.
  • Works with PHP on Linux
    The Recital Universal ODBC driver is available for Linux and works with PHP.
Hdparm can be used to view or set many hardware characteristics of IDE or SATA drives including optical drives (and even some SCSI drives).  For example, the read-lookahead feature can be enabled or disabled.  Also of interest is that the on board write caching can be disabled.  This may or may not be of use when trying to optimize the writing of data to the drive especially when the operating system and/or file system itself may also perform write caching.

Some options of hdparm are dangerous and are generally listed as such in the man page.

Hdparm is available from SourceForge and there is even a version for Windows.

Recital 10.0.0 Linux x86 is now available

The full download for linux x86 can be downloaded from here.

Release notes can be found here.


Many motherboards nowadays have integrated gigabit ethernet that uses the Realtek NIC chipset.

The Realtek r8168B network card does not work out of the box in Redhat/Centos 5.3: instead of loading the r8168 driver, modprobe loads the r8169 driver, which is broken as can be seen with ifconfig which shows large amounts of dropped packets. A solution is to download the r8168 driver from the Realtek website and install it using the following steps:

Check whether the built-in driver, r8169.ko (or r8169.o for kernel 2.4.x), is installed.

# lsmod | grep r8169

If it is installed remove it.

# rmmod r8169

Download the R8168B linux driver from here into /root.

Unpack the tarball:

# cd /root
# tar vjxf r8168-8.012.00.tar.bz2

Change to the directory:

# cd r8168-8.012.00

If you are running the target kernel, then you should be able to do:

# make clean modules
# make install
# depmod -a
# insmod ./src/r8168.ko

(Use r8168.o instead of r8168.ko on Linux kernel 2.4.x.)

Make sure modprobe knows not to use r8169, and that depmod doesn't find the r8169 module.

# echo "blacklist r8169" >> /etc/modprobe.d/blacklist
# mv /lib/modules/`uname -r`/kernel/drivers/net/r8169.ko \
     /lib/modules/`uname -r`/kernel/drivers/net/r8169.ko.bak

You can check whether the driver is loaded by using the following commands.

# lsmod | grep r8168
# ifconfig -a

If there is a device name, ethX, shown on the monitor, the linux driver is loaded. Then, you can use the following command to activate it.

# ifconfig ethX up

After this you should not see any more dropped packets reported.

When using Recital on Linux you can integrate your favorite Linux shell commands and use them directly inside Recital using the alias command. This can be particularly useful when you ssh into a remote system and run Recital. You can then issue Linux commands without having to open another terminal session. Several aliased shell commands are predefined in /opt/recital/conf/config.db. You can add others to suit your needs.
 
On my system I have these commands aliased.
alias pwd  "? default()"
alias cp   "copy file "
alias mv   "rename "
alias rm   "erase "
alias ls   "run('ls $0')"
alias ps   "run('ps $0')"
alias grep "run('grep $0')"
alias cd   "set default to $1"
alias cls  "clear screen"
These commands can now be used inside the Recital command window just as you would use them at the linux prompt, including the ability to pipe commands together.
ls -l | grep .prg
ps -elf | grep db.exe
The run() function that is used to run the shell command as specified in the alias command will capture output and display it in a text viewer. If you want to run the command and display the contents full screen, then specify true as the third parameter to run().
run("command", true, true) 
The arguments to run() are as follows.
| Argument | Description |
|---|---|
| 1 | the command line to run |
| 2 | True if output should be displayed in a text area (default True) |
| 3 | True if the output should be displayed full screen (default False) |
 
The alias command handles parameter substitution.

| Macro | Description |
|---|---|
| $0 | the command line following the command name |
| $1..$n | the arguments given to the command |

This article discusses Recital database security: from operating system file permissions through file and field protection to DES3 encryption.

Overview

A company's data is extremely valuable and must be protected, both in operation and in physical file format. Recital products provide a range of ways to protect your data.

Operating System File Permissions

The most basic level of database security is provided by the operating system. Recital database tables and indexes are individual files with their own respective operating system file permissions. Read permission is required to open a table and write permission to update a table. If a user does not have read permission they are denied access. Without write permission, a table will be opened read-only.

Here the owner, root, and members of the recital group have write permission, so can update the example table unless additional protection applies. Other users can only open the example table read-only.

# ls -l example*
-rwxrwxr-x    1 root     recital       147 Nov 29 14:27 example.dbd
-rwxrwxr-x    1 root     recital     41580 Nov 29 14:27 example.dbf
-rwxrwxr-x    1 root     recital     13312 Nov 29 14:28 example.dbt
-rwxrwxr-x    1 root     recital     19456 Nov 29 14:28 example.dbx

Note: As in the example above, a table's associated files should have the same permissions as the table itself:

| File Extension | File Type |
|---|---|
| .dbd | Dictionary |
| .dbf | Table |
| .dbt | Memo |
| .dbx | Index |
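
A consistency check for the note above, as an added example (not Recital code): it compares the mode, owner and group of each .dbf with its .dbd, .dbt and .dbx companions and also reports tables that users outside the owner and group can write to. The function names and the "writable by other" check are assumptions of this example.

```python
import os
import stat
from pathlib import Path

# Companion files listed in the article: dictionary, memo, index.
COMPANION_EXTS = (".dbd", ".dbt", ".dbx")


def _perm_key(st):
    """Permission bits, owner uid and group gid of a stat result."""
    return (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)


def _fmt(key):
    mode, uid, gid = key
    return f"mode {mode:04o} uid {uid} gid {gid}"


def audit_table(dbf_path):
    """Return a list of findings for one table and its companion files."""
    dbf = Path(dbf_path)
    ref = dbf.stat()
    ref_key = _perm_key(ref)
    findings = []

    # Assumption of this example: write access for 'other' means every
    # local user can update the table, so it is worth reporting.
    if ref.st_mode & stat.S_IWOTH:
        findings.append(f"{dbf.name}: writable by 'other' users")

    for ext in COMPANION_EXTS:
        companion = dbf.with_suffix(ext)
        if not companion.exists():
            continue  # a table need not have a memo, index or dictionary
        key = _perm_key(companion.stat())
        if key != ref_key:
            findings.append(
                f"{companion.name}: {_fmt(key)} differs from "
                f"{dbf.name} ({_fmt(ref_key)})"
            )
    return findings


def audit_directory(directory):
    """Map each .dbf name in the directory to its findings (if any)."""
    results = {}
    for dbf in sorted(Path(directory).glob("*.dbf")):
        findings = audit_table(dbf)
        if findings:
            results[dbf.name] = findings
    return results


if __name__ == "__main__":
    # Audits the current directory; run it from the data directory.
    for table, findings in audit_directory(os.getcwd()).items():
        for finding in findings:
            print(finding)
```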


Database Dictionary

Each Recital table may have a Database Dictionary. The Dictionary can be used both to protect the integrity of the data and to protect access to the data. This section covers Column Constraints, Triggers, Security and Protection.

Column Constraints: Data Integrity

The Dictionary attributes or constraints either prevent the entry of incorrect data, e.g. must_enter and validation or aid the entry of correct data, e.g. default, picture and choicelist. The Dictionary can be modified in the character mode CREATE/MODIFY STRUCTURE worksurface, via SQL statements, or in the Recital Enterprise Studio Database Administrator.



Fig 1: MODIFY STRUCTURE Worksurface: Dictionary.

The SQL Column Constraints are as follows:

| Constraint | Description |
|---|---|
| AUTO_INCREMENT \| AUTOINC | Used to auto increment the value of a column. |
| CALCULATED | Used to calculate the value of a column. |
| CHECK \| SET CHECK | Used to validate a change to the value of a column. |
| DEFAULT | Used to set a default value for the specified column. |
| DESCRIPTION | Used to set the column description for the specified column. |
| ERROR | Used to define an error message to be displayed when a validation check fails. |
| FOREIGN KEY | Used to define a column as a Foreign Key for a parent table. |
| NOCPTRANS | Used to prevent code page translation for character and memo fields. |
| NOT NULL \| NULL | Used to disallow/allow NULL values. |
| PRIMARY KEY | Used to define a table's Primary Key. |
| RANGE | Used to specify minimum and maximum values for a date or numerical column. |
| RECALCULATE | Used to force recalculation of calculated columns when a column's value changes. |
| REFERENCES | Used to create a relationship to an index key of another table. |
| UNIQUE | Used to define the column as a candidate index for the table. |


These can be specified in CREATE TABLE or ALTER TABLE statements:

exec sql
  OPEN DATABASE southwind;
exec sql
  ALTER TABLE customers ADD COLUMN timeref char(8) CHECK validtime(timeref)
  ERROR "Not a valid time string";


Fig 2: Database Administrator: Column Constraints and Attributes.

TRIGGERS

Table Level Triggers are event-driven procedures called before an I/O operation. These can be used to introduce another layer of checks before a particular operation is permitted to take place or to simply set up logging of those operations.

The CREATE/MODIFY STRUCTURE worksurface <TRIGGERS> menu bar option allows you to specify table level triggers. You may edit a trigger procedure from within the <TRIGGERS> menu by placing the cursor next to the procedure name and pressing the [HELP] key. A text window pops up for editing. If the table triggers are stored in separate <.prg> files, rather than in a procedure library, procedures need not be predefined (SET PROCEDURE) before using the table.



Fig 3: MODIFY STRUCTURE Worksurface: Triggers.

 

The following triggers can be selected and associated with a specified procedure name in the <TRIGGERS> menu.

| Trigger | Description |
|---|---|
| UPDATE | The specified procedure is called prior to an update operation on the table. If the procedure returns .F., then the UPDATE is canceled. |
| DELETE | The specified procedure is called prior to a delete operation on the table. If the procedure returns .F., then the DELETE is canceled. |
| APPEND | The specified procedure is called prior to an append operation on the table. If the procedure returns .F., then the APPEND is canceled. |
| OPEN | The specified procedure is called after an open operation on the table. |
| CLOSE | The specified procedure is called prior to a close operation on the table. |
| ROLLBACK | The specified procedure is called when a user presses the [ABANDON] key in a forms based operation. |


The Recital Enterprise Studio Database Administrator also allows you to associate existing programs as Table Trigger Procedures.


Fig 4: Database Administrator: Triggers.

 

Programmatically, Trigger Procedures can also be associated with a table using SQL. The following table constraints may be applied in the SQL CREATE TABLE and ALTER TABLE statements:

| Trigger | Description |
|---|---|
| ONUPDATE | The specified procedure is called prior to an update operation on the table. If the procedure returns .F., then the UPDATE is canceled. e.g. SQL> ALTER TABLE customer modify ONUPDATE "p_update"; |
| ONDELETE | The specified procedure is called prior to a delete operation on the table. If the procedure returns .F., then the DELETE is canceled. e.g. SQL> ALTER TABLE customer modify ONDELETE "p_delete"; |
| ONINSERT | The specified procedure is called prior to an insert operation on the table. If the procedure returns .F., then the INSERT is canceled. e.g. SQL> ALTER TABLE customer modify ONINSERT "p_insert"; |
| ONOPEN | The specified procedure is called after an open operation on the table. e.g. SQL> ALTER TABLE customer modify ONOPEN "p_open"; |
| ONCLOSE | The specified procedure is called prior to a close operation on the table. e.g. SQL> ALTER TABLE customer modify ONCLOSE "p_close"; |
| ONROLLBACK | The specified procedure is called when a user presses the [ABANDON] key in a forms based operation. e.g. SQL> ALTER TABLE customer modify ONROLLBACK "p_rollback"; |


SECURITY

As mentioned above, all Recital files are subject to Operating System read and write permissions. These permissions can be further refined, while still using the Operating System user and group IDs, in the Security and Protection sections of the Dictionary. The Security section handles table based operations and the Protection section focuses on individual fields.

Security and Protection rules can be defined in the CREATE/MODIFY STRUCTURE worksurface of Recital Terminal Developer, via the SQL GRANT and REVOKE statements or in the Recital Enterprise Studio Database Administrator.


Fig 5: MODIFY STRUCTURE Worksurface: Security.

 

The Security section has table operations for which Access Control Strings can be specified. An Access Control String (ACS) is a range of valid user identification codes, and is used to restrict table operations to certain individuals or groups. Each user on the system is allocated a group number and a user number. The user identification code is the combination of group and user numbers. When constructing an Access Control String of linked user identification codes, wild card characters may be used.

| Example ACS | Description |
|---|---|
| [1,2] | In group 1, user 2 |
| [100,*] | In group 100, all users |
| [2-7,*] | In groups 2-7, all users |
| [*,100-200] | In all groups, users 100-200 |
| [1,*]&[2-7,1-7] | In group 1, all users, in groups 2-7, users 1-7 |


Please note that the maximum ACS length is 254 characters. OpenVMS group and user numbers are stored and specified in octal. On other Operating Systems, group and user numbers are stored and specified in decimal.
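
The matching rules described above, as an added example (not Recital's own code): a small parser that decides whether a given group and user number fall inside an Access Control String. The function names are hypothetical; the example assumes that codes linked with & are alternatives, as the last table row describes, and takes an octal flag for OpenVMS-style strings.

```python
import re

MAX_ACS_LENGTH = 254  # maximum ACS length stated in the article

# One user identification code: [group,user]
_CODE_RE = re.compile(r"\[\s*([^,\[\]]+?)\s*,\s*([^,\[\]]+?)\s*\]")


def _parse_part(text, base):
    """Parse '*', 'n' or 'n-m'. Returns None for a wildcard, else (low, high)."""
    if text == "*":
        return None
    low, sep, high = text.partition("-")
    lo = int(low, base)               # ValueError on bad digits
    hi = int(high, base) if sep else lo
    if lo > hi:
        raise ValueError(f"empty range: {text!r}")
    return (lo, hi)


def parse_acs(acs, octal=False):
    """Parse an ACS into a list of (group_range, user_range) rules.

    octal=True reads the numbers in base 8, as the article says OpenVMS
    stores them; the default is decimal.
    """
    if len(acs) > MAX_ACS_LENGTH:
        raise ValueError("ACS longer than 254 characters")
    base = 8 if octal else 10
    rules = []
    for chunk in acs.split("&"):
        match = _CODE_RE.fullmatch(chunk.strip())
        if not match:
            raise ValueError(f"malformed identification code: {chunk!r}")
        rules.append((_parse_part(match.group(1), base),
                      _parse_part(match.group(2), base)))
    return rules


def _in_range(rng, value):
    return rng is None or rng[0] <= value <= rng[1]


def acs_matches(acs, group, user, octal=False):
    """True if the numeric (group, user) pair is covered by the ACS.

    Assumption of this example: codes joined with '&' are alternatives,
    so matching any one of them is enough.
    """
    return any(_in_range(g, group) and _in_range(u, user)
               for g, u in parse_acs(acs, octal))


if __name__ == "__main__":
    # The example strings from the table above, checked for group 5, user 7.
    for acs in ("[1,2]", "[100,*]", "[2-7,*]", "[*,100-200]",
                "[1,*]&[2-7,1-7]"):
        print(f"{acs:18} group 5, user 7 -> {acs_matches(acs, 5, 7)}")
```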

Access Control Strings may be associated with the following operations:

| Operation | Description |
|---|---|
| READONLY | Users specified in the ACS have read-only access to the table. All other users have update access. |
| UPDATE | Users specified in the ACS have update access to the table. All other users are restricted to read-only access. |
| APPEND | Users specified in the ACS can append records into the table. No other users can append. |
| DELETE | Users specified in the ACS can delete records from the table. No other users can delete. |
| COPY | Users specified in the ACS can copy records from the table. No other users can copy. |
| ADMIN | Users specified in the ACS can use the following commands: SET DICTIONARY TO, MODIFY STRUCTURE, PACK, ZAP, REINDEX. All other users cannot, except the creator of the table, who is always granted ADMIN access. |


The corresponding SQL privileges are:

| Operation | Description |
|---|---|
| SELECT | Users specified in the ACS may name any column in a SELECT statement. All other users have update access. |
| UPDATE | Users specified in the ACS may name any column in an UPDATE statement. All other users are restricted to read-only access. |
| INSERT | Users specified in the ACS can INSERT rows into the table. No other users can INSERT. |
| DELETE | Users specified in the ACS can DELETE rows from the table. No other users can DELETE. |
| ALTER | Users specified in the ACS can use the ALTER TABLE statement on this table. |
| READONLY | Users specified in the ACS may read any column in a SELECT statement. All other users have update access. |


// Grant update (lastname, firstname) and insert privileges for the customers table
exec sql
  OPEN DATABASE southwind;
exec sql
  GRANT UPDATE (lastname, firstname),
  INSERT ON customers
  TO '[20,100]';
	
// Grant all privileges to all users
exec sql
  OPEN DATABASE southwind;
exec sql
  GRANT ALL 
  ON shippers TO PUBLIC;

PROTECTION

Security and Protection rules can be defined in the CREATE/MODIFY STRUCTURE worksurface of Recital Terminal Developer, via the SQL GRANT and REVOKE statements or in the Recital Enterprise Studio Database Administrator.


Fig 6: Database Administrator: Protection.

 


The format of the ACS is the same as in <SECURITY> above. The following protection can be defined:

| Operation | Description |
|---|---|
| READONLY | Users specified in the ACS have read-only access to the field. All other users have update access. |
| UPDATE | Users specified in the ACS have update access to the field. All other users are restricted to read-only access. |


Recital Terminal Developer also has 'HIDDEN' Protection:

| Operation | Description |
|---|---|
| HIDDEN | Users specified in the ACS see the 'hiddenfield' character rather than the data in the field. All other users see the data. |


Hidden fields can be accessed and viewed on a work surface, but the field contains the hiddenfield character, ‘?’. If the field is referenced in an expression, it will contain the following: blanks for character fields, ‘F’ for logical fields, 00/00/0000 for date fields and blank for memo fields.

The corresponding SQL privileges are:

| Operation | Description |
|---|---|
| SELECT | Users specified in the ACS may name the column in a SELECT statement. All other users have update access. |
| UPDATE | Users specified in the ACS may name the column in an UPDATE statement. All other users are restricted to read-only access. |
| READONLY | Users specified in the ACS may read the column in a SELECT statement. All other users have update access. |


// Grant update privilege for columns lastname and firstname from the customers table
exec sql
  OPEN DATABASE southwind;
exec sql
  GRANT UPDATE (lastname, firstname)
  ON customers TO '[20,100]';

Encryption

From Recital 8.5 onwards, Recital installations that have the additional DES3 license option have the ability to encrypt the data held in Recital database tables. Once a database table has been encrypted, the data cannot be accessed unless the correct three-part encryption key is specified, providing additional security for sensitive data.

ENCRYPT

The ENCRYPT Recital 4GL command is used to encrypt the data in the specified table or tables matching a skeleton. If the skeleton syntax is used, then all matching tables will be given the same encryption key. The encryption key is a three part comma-separated key and may optionally be enclosed in angled brackets. Each part of the key can be a maximum of 8 characters. The key is DES3 encrypted and stored in a .dkf file with the same basename as the table. After encryption, the three parts of the key must be specified correctly before the table can be accessed.

// Encrypt individual tables
encrypt customers key "key_1,key_2,key_3"
encrypt employees key "<key_1,key_2,key_3>"

// Encrypt all .dbf files in the directory
encrypt *.dbf key "key_1,key_2,key_3"

SET ENCRYPTION

If a database table is encrypted, the correct three-part encryption key must be specified before the table's data or structure can be accessed. The SET ENCRYPTION TO set command can be used to specify a default encryption key to be used whenever an encrypted table is accessed without the key being specified. The encryption key is a three part comma-separated key.

If the command to access the table includes the key, either by appending it to the table filename specification or using an explicit clause, this will take precedence over the key defined by SET ENCRYPTION TO.

Issuing SET ENCRYPTION TO without a key causes any previous setting to be cleared. The key must then be specified for each individual encrypted table.

The default key defined by SET ENCRYPTION is only active when SET ENCRYPTION is ON. SET ENCRYPTION OFF can be used to temporarily disable the default key. The SET ENCRYPTION ON | OFF setting does not change the default key itself. SET ENCRYPTION is ON by default.

// Encrypt individual tables
encrypt customers key "key_1,key_2,key_3"
encrypt shippers key "key_2,key_3,key_4"
// Specify a default encryption key
set encryption to "key_1,key_2,key_3"
// Open customers table using the default encryption key
use customers
// Specify shippers table's encryption key
use shippers<key_2,key_3,key_4>
// Disable the default encryption key
set encryption to
// Specify the individual encryption keys
use customers encryption "key_1,key_2,key_3"
use shippers<key_2,key_3,key_4>

DECRYPT

The DECRYPT command is used to decrypt the data in the specified table or tables matching a skeleton. The specified key must contain the three part comma-separated key previously used to encrypt the table and may optionally be enclosed in angled brackets. The skeleton syntax can only be used if all tables matching the skeleton have the same key.

The DECRYPT command decrypts the data and removes the table’s .dkf file. After decryption, the key need no longer be specified to gain access to the table.

// Decrypt individual tables
decrypt customers key "key_1,key_2,key_3"
decrypt employees key "<key_1,key_2,key_3>"

// Decrypt all .dbf files in the directory
decrypt *.dbf key "key_1,key_2,key_3"

All of the following commands are affected when a table is encrypted:

  • APPEND FROM
  • COPY FILE
  • COPY STRUCTURE
  • COPY TO
  • DIR
  • USE
  • SQL INSERT
  • SQL SELECT
  • SQL UPDATE

APPEND FROM

Used to append records to the active table from another table.

// The key must be specified for an encrypted source table
use mycustomers
append from customers encryption "key_1,key_2,key_3";
  for country = "UK"

COPY FILE

Used to copy a file.

// The key file must also be copied for an encrypted source table
// as the target table will be encrypted
encrypt customers key "key_1,key_2,key_3"
copy file customers.dbf to newcustomers.dbf
copy file customers.dkf to newcustomers.dkf
use newcustomers encryption "key_1,key_2,key_3"

COPY STRUCTURE

Used to copy a table's structure to a new table.

// The key file is automatically copied for an encrypted source table
// and the target table encrypted
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy structure to blankcust
use blankcust encryption "key_1,key_2,key_3"

COPY TO

Used to copy a table.

// By default, the key file is automatically copied for an encrypted
// source table and the target table encrypted with the same key
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy to newcustomers
use newcustomers encryption "key_1,key_2,key_3"

// You can also create a copy with a different key
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy to newcustomers encrypt "newkey_1,newkey_2,newkey_3"
use newcustomers encryption "newkey_1,newkey_2,newkey_3"

// Or create a decrypted copy
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3"
copy to newcustomers decrypt
use newcustomers

// You can also create an encrypted copy of a non-encrypted source table
use orders
copy to encorders encrypt "newkey_1,newkey_2,newkey_3"
use encorders encryption "newkey_1,newkey_2,newkey_3"

DIR

Used to display a directory listing of tables.

// Encrypted tables are flagged as such with (DES3)
> open database southwind
> dir
Current database: southwind
Tables				# Records		Last Update	Size		Dictionary	Triggers	Security
categories.dbf			8			01/10/06		24576	None		None		None
cisamdemo.dbf       ---> CISAM/Bridge        [cisamdemo]
customers.dbf (DES3)		91			05/12/04		49600	None		None		None
employees.dbf			9			05/12/04		25520	None		None		None
example.dbf   (DES3)		100			12/24/05		38080	Yes		Yes		None
order_details.dbf			2155			05/12/04		296320	None		None		None
orders.dbf				829			05/12/04		232704	None		None		None
products.dbf			77			05/12/04		37112	None		None		None
productsbyname.dbf		77			05/12/04		29104	None		None		None
shippers.dbf  (DES3)		3			05/12/04		20864	None		None		None
suppliers.dbf			29			12/08/05		29992	Yes		None		None

   0.765 MB in 11 files.
   1.093 GB remaining on drive.

USE

Used to open a table.

// The three part key must be specified to open an
// encrypted table.  All of the following are valid.
// 1. Specifying a default encryption key before opening the table
set encryption to "key_1,key_2,key_3"
use customers
// 2. Appending the key to the filename
use customers<key_1,key_2,key_3>
// 3. Using the ENCRYPTION clause, optionally specifying angled brackets
use customers encryption "key_1,key_2,key_3"
use customers encryption "<key_1,key_2,key_3>"

SQL INSERT

Used to add a row to a table via SQL.

// The three part key can be specified using a
// default encryption key before opening the table
exec sql
  OPEN DATABASE southwind;
exec sql
  SET ENCRYPTION TO "key_1,key_2,key_3";
exec sql
  INSERT INTO customers
  (customerid, companyname)
  VALUES
  ('RECIT','Recital Corporation');
// Or by appending the key to the filename
exec sql
  OPEN DATABASE southwind;
exec sql
  INSERT INTO customers<key_1,key_2,key_3>
  (customerid, companyname)
  VALUES
  ('RECIT','Recital Corporation');

SQL SELECT

Used to return data from a table via SQL.

// The three part key can be specified using a
// default encryption key before opening the table
exec sql
  OPEN DATABASE southwind;
exec sql
  SET ENCRYPTION TO "key_1,key_2,key_3";
exec sql
  SELECT * FROM customers;
// Or by appending the key to the filename
exec sql
  OPEN DATABASE southwind;
exec sql
  SELECT * FROM customers<key_1,key_2,key_3>;

SQL UPDATE

Used to update data in a table via SQL.

// The three part key can be specified using a
// default encryption key before opening the table
exec sql
  OPEN DATABASE southwind;
exec sql
  SET ENCRYPTION TO "key_1,key_2,key_3";
exec sql
  UPDATE customers
  SET companyname='Recital Corporation Inc.'
  WHERE customerid='RECIT';
// Or by appending the key to the filename
exec sql
  OPEN DATABASE southwind;
exec sql
  UPDATE customers<key_1,key_2,key_3>
  SET companyname='Recital Corporation Inc.'
  WHERE customerid='RECIT';
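
Every example in this section writes the three-part key directly into program source, so anyone with read access to the script can open the encrypted table. The following added example (not part of the original article and not Recital's own tooling) is a Python audit that finds inline keys in the syntaxes shown above, checks them against the rule of three parts of at most 8 characters each, and reports them redacted; the sample script, the regular expressions and all function names are assumptions made for illustration.

```python
import re

# Patterns derived only from the syntaxes shown on this page (an assumption,
# not Recital's grammar). Quoted forms: KEY "...", ENCRYPTION "...",
# ENCRYPT "...", SET ENCRYPTION TO "..." (angled brackets inside are optional).
QUOTED = re.compile(r'\b(key|encryption\s+to|encryption|encrypt)\s+"<?([^">]*)>?"', re.I)
# Appended form: table<k1,k2,k3>, as used with USE and inside SQL statements.
APPENDED = re.compile(r'\b(\w+)<([^<>"\s,]+(?:,[^<>"\s,]+){2,})>')

def well_formed(key):
    """Three comma-separated parts, each 1 to 8 characters (the ENCRYPT rule)."""
    parts = key.split(",")
    return len(parts) == 3 and all(1 <= len(p) <= 8 for p in parts)

def redact(key):
    """Keep only the shape of the key so the report does not leak it again."""
    return ",".join("*" * len(p) for p in key.split(","))

def scan(source):
    """Return (line_no, form, redacted_key, well_formed) for every inline key."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in QUOTED.finditer(line):
            form = " ".join(m.group(1).upper().split())
            findings.append((no, form, redact(m.group(2)), well_formed(m.group(2))))
        for m in APPENDED.finditer(line):
            findings.append((no, "APPENDED", redact(m.group(2)), well_formed(m.group(2))))
    return findings

# Constructed sample script (not taken from a real application).
SAMPLE = '''\
set encryption to "alpha,bravo,charlie"
use customers
use shippers<k2,k3,k4>
copy to newcust encrypt "toolongpart,b,c"
set encryption to
exec sql
  SELECT * FROM customers<alpha,bravo,charlie>;
use orders encryption "<one,two>"
'''

if __name__ == "__main__":
    for no, form, key, ok in scan(SAMPLE):
        print(f"line {no}: {form:14} {key:24} {'ok' if ok else 'malformed'}")
```

A bare `set encryption to` (line 5 of the sample) is not reported, because it clears the default key rather than setting one.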

Summary

Recital offers a range of ways to keep your data secure. These start with the Operating System read/write permissions, which can be further refined to the level of table I/O operations and then field access in the Dictionary based Security and Protection rules. The Dictionary also provides the means to protect the integrity of the data via data validation and to assist in correct data entry through the use of choicelists, help messages and picture clauses etc. A further role of the Dictionary is in the provision of Table Triggers, which can be used to enable a programmatic response to table operations to add in additional checks or audit trails. For the most sensitive data, DES3 encryption is the ultimate protection: encrypting the physical data on the disk and only permitting table access on the production of the three part encryption key.

Published in Blogs
Recital 10 enhances the APPEND FROM command. The enhancement applies to the following syntax:
APPEND FROM  <table-name> 
Previously, when appending into a shared Recital table, each new row was locked along with the table header and then unlocked after it was inserted. The operation now locks the table once, inserts all the rows from the source table and then unlocks the table, which improves performance. All the database and table constraints are still enforced.

Copyright © 2019 Recital Software Inc.
